Overview
This report covers the active exploitation of two vulnerabilities affecting Mitel MiCollab: CVE-2024-41713 and CVE-2024-55550. These vulnerabilities allow attackers to conduct path traversal attacks, leading to unauthorised access and the potential for administrative actions. Public proof-of-concept (PoC) code has been released, accelerating exploitation attempts.
Affected Systems
- Mitel MiCollab: Versions 9.8 SP1 FP2 (9.8.1.201) and earlier.
Vulnerability Details
- CVE-2024-41713 (CVSS 9.8 - Critical)
  - A path traversal vulnerability in the NuPoint Unified Messaging (NPM) component.
  - Exploitation allows unauthenticated attackers to:
    - Access provisioning and system data.
    - Perform unauthorised administrative actions on the MiCollab server.
- CVE-2024-55550 (Low Severity)
  - A local file read vulnerability exploitable by authenticated administrators.
  - Limited to non-sensitive system information, with no risk of privilege escalation or file modification.
Impact
- Unauthenticated attackers can gain significant control over MiCollab servers.
- Administrative access increases the risk of data exposure and system manipulation.
Exploitation
Exploitation in the wild has been confirmed and is linked to the public PoC code release on December 5, 2024. Organisations are urged to prioritise remediation.
Mitigation Steps
Recommendations
- Immediate Patching: Apply the latest updates to affected Mitel MiCollab installations.
- Monitor Network Traffic: Implement intrusion detection systems to identify path traversal activities.
- Access Control: Restrict access to Mitel MiCollab administrative interfaces to trusted IPs.
- User Awareness: Notify administrators of the risk associated with these vulnerabilities.
- Incident Response: Be prepared to respond to potential exploitation attempts.
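The "Monitor Network Traffic" recommendation above is the one most teams can act on before a patch window opens. The following added example (not Mitel code, and not taken from this advisory or the public PoC) shows the shape of a path traversal detector run over web-server access logs: it percent-decodes request paths repeatedly so single- and double-encoded `..` segments are caught, folds backslashes to slashes, and reports the client, decoded path and status for every hit. The log lines are constructed for the example and the request paths are placeholders; the advisory does not publish the exact request used against MiCollab, so the detector keys on the generic parent-directory signature of the vulnerability class rather than a product-specific URL.

```python
"""Flag path-traversal requests in combined-format access log lines.

Added example for this advisory; it is not Mitel code. The request paths and
client addresses below are constructed placeholders, not real MiCollab traffic.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Combined log format: client, identd, user, [timestamp], "METHOD path PROTO", status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# A ".." that stands alone as a path segment (after decoding and separator folding).
# "report..pdf" does not match; "/../" and a trailing "/.." do.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.($|/)')


def normalise_path(raw_path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the path stops changing (bounded, so a pathological
    input cannot loop forever), then fold backslashes to forward slashes."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal(raw_path: str) -> bool:
    """True if the decoded request path contains a parent-directory step."""
    return TRAVERSAL_RE.search(normalise_path(raw_path)) is not None


def scan_access_log(lines):
    """Return (client_ip, decoded_path, status) for every suspicious request.
    Malformed lines are skipped rather than guessed at."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if is_traversal(m.group("path")):
            hits.append((m.group("ip"), normalise_path(m.group("path")), m.group("status")))
    return hits


def clients_over_threshold(hits, threshold: int = 2):
    """Clients with at least `threshold` traversal attempts; a reasonable
    alerting cut-off so a single mistyped URL does not page anyone."""
    counts = Counter(ip for ip, _, _ in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample lines (placeholder paths, documentation-range addresses).
SAMPLE_LOG = [
    '203.0.113.10 - - [05/Dec/2024:10:01:02 +0000] "GET /portal/../../../etc/hostname HTTP/1.1" 200 512',
    '203.0.113.10 - - [05/Dec/2024:10:01:03 +0000] "GET /portal/%2e%2e/%2e%2e/etc/hostname HTTP/1.1" 200 512',
    '203.0.113.11 - - [05/Dec/2024:10:01:04 +0000] "GET /app/%252e%252e/%252e%252e/config HTTP/1.1" 404 0',
    '198.51.100.5 - - [05/Dec/2024:10:02:00 +0000] "GET /portal/index.html HTTP/1.1" 200 2048',
    '198.51.100.5 - - [05/Dec/2024:10:02:01 +0000] "GET /files/report..pdf HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG)
    for ip, path, status in found:
        print(f"traversal attempt from {ip}: {path} -> {status}")
    print("clients over threshold:", clients_over_threshold(found))
```

A 200 response on a traversal request is the line to escalate first, since it suggests the server honoured the path rather than rejecting it; a 404 still shows intent and is worth tracking per client. In production the same functions would be fed from a log shipper or the web server's live access log rather than the in-memory list above.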
Organisations utilising Mitel MiCollab must act swiftly to mitigate the risk posed by these vulnerabilities. Failure to address the issue promptly could result in unauthorised access and administrative control by threat actors.